On 14/11/2019 16:38, Stefan Bauer via mailop wrote:
reputation with DKIM when d= differs from sender domain?
Is it bad - in terms of reputation - when domain in dkim-header
(d=...) differs from senders address?
signing is done correctly and pub-key is present at domain of corse -
specified with d=...
like d=mydomain.com
Sender is Stefan <m...@corp.org>
I could not find anything in the RFC.
There's a reason for that.
DKIM itself has nothing to do with reputation. It's simply a way of
proving that the message was 'authorised' by someone.
People who use it for reputation could potentially do all sorts of
different things - from just assigning a 'trustworthiness' rating to a
signing domain, or a combination of signing domain & sender or whatever.
So, you will probably get as many answers as people who choose to answer.
If you use DMARC, then the signing domain is ignored for DMARC's
purposes if it's not associated with the 'From' header address domain.
Here we do something very simple, and decide to trust signing domains if
they don't send spam, and aren't ISPs, ESPs, or hosting companies (eg a
generic AmazonSES signature), but other people probably do different things.
That doesn't mean we distrust DKIM signatures from ISPs, ESPs or hosting
companies, just that we ignore them if the signature verifies, because
that tells us nothing useful.
--
Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
Sign up for news & updates at http://www.pscs.co.uk/go/subscribe
_______________________________________________
mailop mailing list
mailop@mailop.org
https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
